4. A TOOL FOR ALL OF US
ANSIBLE
• Automate machine provisioning and deployments
• Agentless
• Configuration management
• Idempotent
5. (TELL ME THE MAGIC)
HOW DOES ANSIBLE FIT IN?
• An orchestration machine with a usable shell prompt (*NIX)
• Server(s) accessible by SSH to orchestrate changes
8. THE THING YOU DO
TASK AND HANDLER
• A task is the most granular “thing” you do. For example:
  • Copy a file
  • Start a process
  • Create a file using Jinja2 syntax
• Tasks are linear, whereas handlers are invoked by task completion (similar to WordPress hooks)
• Tasks can loop, and may contain conditional evaluation
9. A CONTAINER FOR TASKS AND HANDLERS
ROLES
• Roles are sets of tasks and handlers that Ansible executes
• Think shell script, but better organized and easier to read
• Roles can have default variables, and be overridden by a play
10. HOW ANSIBLE STITCHES IT TOGETHER
PLAYBOOK
• A playbook is a collection of plays
• A play is a collection of roles
• One can assign plays to a host or host group
http://docs.ansible.com/ansible/playbooks.html
11. CONFIGURATION MANAGEMENT’S BEST FRIEND
VARIABLES
• Variables can be specified at 3 levels
  • Global (config / env / command line)
  • Play
  • Host
• Don’t hard code configuration, leverage variables and set defaults for overriding
http://docs.ansible.com/ansible/playbooks_variables.html
12. DEFINING WHO WE ARE
HOSTS
• A play can target a host or a group of hosts
• Inventory may be static or dynamic (e.g. AWS)
• Specific host-related information to access server
• User must have sudo privileges to perform system tasks
14. CONFIGURE A HOST
1. Make an SSH key pair
    ssh-keygen -t ecdsa -f deploy
2. Copy your key file to the host (deploy.pub) and append the file contents to ~/.ssh/authorized_keys
3. Ensure the host user has sudo access (or else the “become” parameter won’t work)
4. Ensure the Python module python-httplib2 is installed
5. Disable SELinux
16. YOU DON’T HAVE TO WRITE EVERY ROLE
DOWNLOAD SOME ROLES
ansible-galaxy install \
    sbaerlocher.wp-cli \
    geerlingguy.php \
    geerlingguy.apache \
    geerlingguy.mysql \
    geerlingguy.php-mysql \
    geerlingguy.firewall
17. BECAUSE NOT ALL ROLES WORK OUT OF THE BOX
MODIFYING GALAXY ROLES
• Let’s check out 2 roles I modified
    https://github.com/alanlok/ansible-role-wordpress.git
    https://github.com/alanlok/ansible-role-wordpress-apache.git
• Modified from ansible-galaxy author darthwade’s roles
• Made more variables available for customization
• Made roles RedHat/CentOS/Amazon Linux friendly
• You can write your own roles too!
18. FILES IN YOUR STRUCTURE
CREATING YOUR OWN PLAYBOOK
• group_vars
  • wordpress
    • config (YAML file containing your host group’s variables)
• roles (your custom roles in the roles directory)
  • ansible-role-wordpress
  • ansible-role-wordpress-apache
• hosts (which hosts Ansible should act on)
• wordpress-simple.yml (your playbook)
19. SECRET SAUCE TO MAKE IT UNIQUE
THE GROUP VARIABLES
---
apache_user: "apache"
apache_group: "apache"
wp_version: 4.5
wp_site_name: 'site1'
wp_install_dir: '/var/www/html/{{ wp_site_name }}'
wp_db_name: '{{ wp_site_name }}'
wp_db_user: '{{ wp_site_name }}_user'
wp_db_password: 'password'
wp_db_host: 'localhost'
wp_apache_hostname: '{{ wp_site_name }}.vm'
Note on wp_db_password: Yup, how else can I give a demo! This is not pretty. See “vault” for more details.
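A check for the plain-text password the slide flags, as an added example that is not part of the original deck: it lists secret-looking variables in a group variables file that are stored as literals rather than vault-encrypted or pointed at a vaulted variable. The name pattern and the variable `vault_wp_db_password` are assumptions.

```python
import re

# Variable names that usually hold credentials (assumed naming convention).
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_key)", re.I)
# Top-level "key: value" scalar lines, as in the slide's group variables.
KEY_VALUE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:\s*(.*)$")
# A value that is only a Jinja2 reference, e.g. '{{ vault_wp_db_password }}'.
JINJA_REF = re.compile(r"^\{\{[^{}]*\}\}$")


def plaintext_secrets(text):
    """Return names of secret-looking variables stored as literal values."""
    # A file encrypted as a whole with ansible-vault starts with this header.
    if text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return []
    findings = []
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if not match:
            continue  # comments, '---', indented continuation lines
        name, value = match.group(1), match.group(2).strip()
        if not SECRET_NAME.search(name):
            continue
        if value.startswith("!vault"):
            continue  # inline vault-encrypted value
        unquoted = value.strip("'\"").strip()
        if JINJA_REF.match(unquoted):
            continue  # indirection to another (vaulted) variable
        if unquoted:
            findings.append(name)
    return findings


# Constructed sample: the relevant lines of the slide's group variables.
SLIDE_VARS = """---
wp_db_user: '{{ wp_site_name }}_user'
wp_db_password: 'password'
"""

# Constructed sample: same variable pointing at a vaulted one (assumed name).
VAULTED_VARS = """---
wp_db_user: '{{ wp_site_name }}_user'
wp_db_password: '{{ vault_wp_db_password }}'
"""

if __name__ == "__main__":
    print(plaintext_secrets(SLIDE_VARS))    # ['wp_db_password']
    print(plaintext_secrets(VAULTED_VARS))  # []
```

Run against every file under group_vars before committing; the vaulted variable itself lives in a file encrypted with `ansible-vault`.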
20. DONEC QUIS NUNC
THE PLAYBOOK
- hosts: wordpress
  become: yes
  roles:
    - geerlingguy.apache
    - geerlingguy.php
    - geerlingguy.mysql
    - geerlingguy.firewall
    - geerlingguy.php-mysql
    - ansible-role-wordpress
    - ansible-role-wordpress-apache
    - sbaerlocher.wp-cli